Nexus 7000: QOS question how a port can be set to untrust

kfischbach
Level 1

Hello,

the normal behavior of the Nexus 7K is that QOS is enabled by default and all ports are trusted for dscp and cos. We have some connected devices which are connected through trunks. How can I set this port to an untrust port so that cos values >0 will be reset to 0, and also for dscp?

I think I have to do this with a policy-map, but how can I configure this, because under one class I cannot configure two sets (set cos 0 and dscp 0)?

Kalle


Reza Sharifi
Hall of Fame

Hi,

You can try a policy-map and rewrite, for example, cos 5 to 0 on the incoming interface. Once it is untrusted, then the uplink should untrust it too.

HTH

dominic.caron
Level 5

Hi,

On the Nexus 7000 platform, you have to be aware of a few things.

For bridged traffic, COS is used for ingress queue selection and preserved for egress queue selection. If traffic originates from an access port (not a trunk), the COS value will be 0.

For routed traffic, COS is used for ingress queue selection. DSCP will rewrite COS using the 3 most significant bits of DSCP and the new COS will be used for egress queue selection.

If you want to change the default behavior and not trust the traffic, you have to write a policy-map that rewrites the DSCP value to 0 for all traffic and apply it inbound on the physical interface. This will force the 7000 to rewrite COS for bridged traffic also, and egress queue selection will use the new COS.

Thanks for the answers. I am wondering that the Nexus is by default rewriting the cos based on the dscp when the packets are bridged from one trunk to another trunk.

See also https://supportforums.cisco.com/thread/2071250

"The CoS value is derived based on the type of traffic (bridged or routed). For bridged traffic, the CoS value is copied from the received CoS value."

This answer does not match this answer.

So for me it looks like, when I use an input policy-map with set dscp = 0, then the cos will be bridged unchanged from the incoming interface to the outgoing interface. When I set the cos to 0, then the dscp will be bridged unchanged.

What I need is a policy which sets the cos and dscp to 0 when a packet comes in. The same as when I set a Catalyst port to "untrust".

dominic.caron
Level 5

I agree, but if you rewrite the dscp, it will drive the cos for bridged traffic.

Try it, you'll see...

Sent from Cisco Technical Support Android App